Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2023-Sep-22 19:32:11 |
Detected languages | English - United States |
TLS Callbacks | 1 callback(s) detected. |
Debug artifacts | C:\actions-runner\_work\client\client\host\build\MinSizeRel\host.pdb |
CompanyName | Jagex |
FileDescription | Jagex Launcher |
FileVersion | 6.2.16.0 |
InternalName | host.exe |
LegalCopyright | 2024 |
OriginalFilename | host.exe |
ProductName | Jagex Launcher |
ProductVersion | 0.33.0 |
CommandLine | --debug --debugdir="{UserAppData}Jagex Launcher/logs" --perday --maxdays=10 |
Info | Matching compiler(s): | Microsoft Visual C++ v6.0 DLL; Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Tries to detect virtualized environments: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to SHA512 |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Jagex Limited; Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 |
Safe | VirusTotal score: 0/71 (Scanned on 2024-04-22 11:09:12) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x130 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2023-Sep-22 19:32:11 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x199c00 |
SizeOfInitializedData | 0x8dc00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0016A04D (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x19b000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x22e000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
dbghelp.dll |
SymInitialize
SymGetLineFromAddr64 SymFromAddr SymCleanup SymSetSearchPathW SymGetSearchPathW SymSetOptions |
---|---|
VERSION.dll |
VerQueryValueA
GetFileVersionInfoExW GetFileVersionInfoSizeExW VerQueryValueW GetFileVersionInfoSizeW GetFileVersionInfoW |
WINHTTP.dll |
WinHttpOpen
WinHttpCloseHandle WinHttpGetProxyForUrl WinHttpSetStatusCallback |
KERNEL32.dll |
IsBadReadPtr
FlushInstructionCache WriteConsoleW FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineA GetOEMCP GetACP IsValidCodePage HeapSize HeapReAlloc EnumSystemLocalesW IsValidLocale GetLocaleInfoW LCMapStringW GetTimeZoneInformation ReadConsoleW FreeLibraryAndExitThread ExitThread SetStdHandle GetCurrentProcess TerminateProcess GetModuleHandleW GlobalAlloc GlobalFree CompareStringW DeleteFileW GetLastError SetEnvironmentVariableW VerSetConditionMask GetCommandLineW VerifyVersionInfoW GetFileAttributesW GetModuleFileNameW OutputDebugStringA OutputDebugStringW GetProcAddress LoadLibraryExW LoadLibraryW FreeLibrary GetEnvironmentVariableW GetStdHandle CreateFileA CreateFileW QueryDosDeviceW WriteFile IsDebuggerPresent CloseHandle HeapAlloc HeapFree GetProcessHeap DeviceIoControl WaitForSingleObject GetExitCodeProcess CreateProcessW GetProcessId InitializeProcThreadAttributeList DeleteProcThreadAttributeList UpdateProcThreadAttribute OpenProcess GlobalMemoryStatusEx GetSystemDirectoryW GetWindowsDirectoryW CreateFileMappingW MapViewOfFile FreeResource GetModuleHandleA LoadResource LockResource SizeofResource FindResourceW LocalAlloc LocalFree SetThreadExecutionState MoveFileWithProgressW AllocConsole FreeConsole SetConsoleCtrlHandler SetConsoleTitleW CreateToolhelp32Snapshot Process32FirstW Process32NextW SetCurrentDirectoryW GetCurrentDirectoryW CreateDirectoryW FindClose FindFirstFileW FindNextFileW GetDiskFreeSpaceW GetFileAttributesExW GetLongPathNameW RemoveDirectoryW SetEndOfFile SetFileAttributesW SetFileInformationByHandle SetFileTime GetTempPathW RaiseException GetOverlappedResult Sleep GetCurrentProcessId GetCurrentThread GetCurrentThreadId SetThreadPriority GetNativeSystemInfo VirtualQuery UnmapViewOfFile FormatMessageA CopyFileExW MoveFileExW FileTimeToSystemTime SystemTimeToFileTime GetFileInformationByHandleEx GetLocaleInfoEx ReadFile SetFilePointerEx CreateIoCompletionPort GetQueuedCompletionStatus PostQueuedCompletionStatus MulDiv 
IsProcessorFeaturePresent GetTickCount64 InitializeCriticalSection EnterCriticalSection LeaveCriticalSection DeleteCriticalSection FlushFileBuffers SetHandleInformation CreatePipe ConnectNamedPipe DisconnectNamedPipe PeekNamedPipe CreateNamedPipeW WaitNamedPipeW SetLastError SetEvent ResetEvent CreateEventW ReleaseSemaphore CreateSemaphoreW RtlCaptureContext SetUnhandledExceptionFilter CreateThread TerminateThread VirtualQueryEx DuplicateHandle SetNamedPipeHandleState TransactNamedPipe WaitForMultipleObjects UnregisterWait RegisterWaitForSingleObject TerminateJobObject GetModuleHandleExW SetInformationJobObject GetUserDefaultLangID GetUserDefaultLCID GetUserDefaultLocaleName EnumSystemLocalesEx HeapDestroy GetTickCount TryAcquireSRWLockExclusive ReleaseSRWLockExclusive UnregisterWaitEx IsWow64Process GetThreadId GetThreadPriority GetFileType HeapSetInformation SetProcessDEPPolicy VirtualAllocEx GetVersionExW GetProductInfo AssignProcessToJobObject WriteProcessMemory ReadProcessMemory GetCurrentProcessorNumber SetThreadAffinityMask VirtualFree GetProcessHeaps AcquireSRWLockExclusive GetSystemTimeAsFileTime QueryPerformanceFrequency QueryPerformanceCounter GetLocalTime CreateJobObjectW QueryInformationJobObject VirtualProtectEx ExpandEnvironmentStringsW CreateMutexW VirtualFreeEx GetProcessHandleCount TlsGetValue lstrlenW DebugBreak TlsAlloc TlsFree TlsSetValue GetFileSizeEx RtlCaptureStackBackTrace CreateRemoteThread GetSystemInfo WideCharToMultiByte MultiByteToWideChar FindFirstFileExW SleepConditionVariableSRW WakeAllConditionVariable GetConsoleMode VirtualProtect LoadLibraryExA UnhandledExceptionFilter GetStartupInfoW InitializeSListHead InitializeCriticalSectionEx EncodePointer DecodePointer LCMapStringEx GetStringTypeW GetCPInfo RtlUnwind InitializeCriticalSectionAndSpinCount ExitProcess GetConsoleOutputCP |
msi.dll (delay-loaded) |
#137
#88 #141 #169 |
Attributes | 0x1 |
---|---|
Name | msi.dll |
ModuleHandle | 0x1f77e8 |
DelayImportAddressTable | 0x1f4470 |
DelayImportNameTable | 0x1e9f40 |
BoundDelayImportTable | 0x1eb0fc |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Ordinal | 1 |
---|---|
Address | 0x2c5a0 |
Ordinal | 2 |
---|---|
Address | 0x2f1c |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 6.2.16.0 |
ProductVersion | 0.33.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Jagex |
FileDescription | Jagex Launcher |
FileVersion (#2) | 6.2.16.0 |
InternalName | host.exe |
LegalCopyright | 2024 |
OriginalFilename | host.exe |
ProductName | Jagex Launcher |
ProductVersion (#2) | 0.33.0 |
CommandLine | --debug --debugdir="{UserAppData}Jagex Launcher/logs" --perday --maxdays=10 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Sep-22 19:32:11 |
Version | 0.0 |
SizeofData | 93 |
AddressOfRawData | 0x1e87b4 |
PointerToRawData | 0x1e77b4 |
Referenced File | C:\actions-runner\_work\client\client\host\build\MinSizeRel\host.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Sep-22 19:32:11 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x1e8814 |
PointerToRawData | 0x1e7814 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Sep-22 19:32:11 |
Version | 0.0 |
SizeofData | 1248 |
AddressOfRawData | 0x1e8828 |
PointerToRawData | 0x1e7828 |
StartAddressOfRawData | 0x5e8d18 |
---|---|
EndAddressOfRawData | 0x5e8d24 |
AddressOfIndex | 0x5f7b88 |
AddressOfCallbacks | 0x59b444 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | 0x0043BBF0 |
Size | 0xc0 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x5f30e4 |
SEHandlerTable | 0x5e82ac |
SEHandlerCount | 19 |
XOR Key | 0x24fa77ca |
---|---|
Unmarked objects | 0 |
ASM objects (30795) | 26 |
C++ objects (30795) | 193 |
253 (VS 2015-2022 runtime 32533) | 1 |
C objects (VS 2015-2022 runtime 32533) | 19 |
ASM objects (VS 2015-2022 runtime 32533) | 25 |
C++ objects (VS 2015-2022 runtime 32533) | 86 |
C objects (CVTCIL) (30795) | 1 |
C objects (30795) | 43 |
C++ objects (CVTCIL) (30795) | 1 |
Imports (30795) | 15 |
Total imports | 620 |
Unmarked objects (#2) | 330 |
C++ objects (VS2022 Update 7 (17.7.0-3) compiler 32822) | 7 |
C objects (VS2022 Update 7 (17.7.0-3) compiler 32822) | 277 |
Exports (VS2022 Update 7 (17.7.0-3) compiler 32822) | 1 |
Resource objects (VS2022 Update 7 (17.7.0-3) compiler 32822) | 1 |
151 | 1 |
Linker (VS2022 Update 7 (17.7.0-3) compiler 32822) | 1 |